The Zero Trust Journey: Spotlight on the Environmental Protection Agency

In a recent webinar produced by Federal News Network, the Director of the Environmental Protection Agency (EPA)’s Office of Information Security and Privacy, Tonya Manning, detailed the state of the agency’s zero trust and data handling postures, as well as its latest priorities. We’ll spotlight several takeaways and look at what’s to likely come down the pike for the EPA in the coming months and years.

Zero Trust Architecture

Every department within the federal government is currently working toward building its ideal zero trust architecture as a result of Executive Order 14028, issued by President Biden in 2021. While there are multiple avenues providing guidance toward what that means exactly and how to best achieve it, Ms. Manning noted that it remains a journey, not a sprint, for the EPA. Implementation for the EPA began with a look at who was on their network, she noted, and employing identity and access management (IAM) solutions, which provided a framework of business processes, policies and technologies that facilitate the management of electronic or digital identities.

Following the pandemic, the EPA moved forward with virtual smart cards, as well as multi-factor authentication (MFA) capabilities given the heightened influx of remote workers. As with many other government departments and agencies, the pandemic changed how the EPA approached its work environment. Her office began focusing then on web content solutions, and blocking malicious traffic, as well as addressing vulnerabilities by adding remote sensors, all in effort to help decrease remote workforce issues.

As for the near future of their zero trust priorities, Ms. Manning noted they will be focused on implementing phishing-resistant MFA, as well as establishing a consistent definition of zero trust architecture (ZTA) and understanding the value of ZTA and a centralized management approach overall.

Data Innovation and the Federal Data Strategy     

The Federal Data Strategy was originally published in June of 2019 with the goal to fully leverage the value of federal data for mission, service, and the public good by guiding the federal government in practicing ethical governance, conscious design, and a learning culture. It is comprised of annual action steps agencies are directed to follow by 2030, to ultimately improve data handling across the federal government. The latest 2021 Action Plan builds on the 2020 goals, continuing to provide what the government refers to as “foundational activities” that promote information sharing through interagency councils to identify and share what practices work best for different use cases.

Ms. Manning touched on the importance of data handling for the EPA as both an existing and future priority. She noted that a major focus moving into FY23 for her office will be seeking to normalize and encrypt data, as well as continuing to align to the Federal Data Strategy described above.

Environmental Protection Agency’s Future Goals

When asked about the EPA’s future, Ms. Manning noted she would like to eventually see the ability to work from anywhere at the EPA with the same capabilities available at home and in the office, as well as a comfortable definition and implementation of a ZTA, leading to fewer cybersecurity incidents. Certainly, the EPA is not alone in its goals. The recent influx of cyber-related attacks has given way to increased focus on mitigating vulnerabilities and strengthening security across all federal agencies. Just as zero trust is not one component or solution, so too is the process to better practices overall for the EPA in achieving its goals for months and years to come.

To get more DLT Market Insight content, please visit our Market Intelligence microsite.
 

About the Author:
Susanna Patten is a senior analyst on the DLT Market Insights team covering tech domain centric trends across the Public Sector.